Skip to content

Bump crypto dependency to address critical CVE-2024-45337 #1974

New issue
New issue
Open
Open
Bump crypto dependency to address critical CVE-2024-45337#1974
Labels
kind/bugSomething isn't working
@vinceaperri

Description

@vinceaperri
vinceaperri
opened on Jan 9, 2025

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I have checked the troubleshooting guide for my problem, without success.

Viper Version

1.19.0

Go Version

1.22.7

Config Source

Flags

Format

No response

Repl.it link

No response

Code reproducing the issue

No response

Expected Behavior

$ go mod graph | grep viper | grep crypto
github.com/spf13/[email protected] golang.org/x/crypto@v<version>

where <version> >= 0.32.0

Actual Behavior

$ go mod graph | grep viper | grep crypto
github.com/spf13/[email protected] golang.org/x/[email protected]

Steps To Reproduce

No response

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2024-45337

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions